Fix postgres, enable atuin

Daniel Flanagan 2024-09-06 16:44:15 -05:00
parent 639aad8c8a
commit 379adc7ec6


@ -362,6 +362,17 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# }; # };
# } # }
{ {
# services.postgresql = {
# ensureDatabases = [
# "nextcloud"
# ];
# ensureUsers = [
# {
# name = "nextcloud";
# ensureDBOwnership = true;
# }
# ];
# };
# nextcloud # nextcloud
# users.users.nextcloud = { # users.users.nextcloud = {
# isSystemUser = true; # isSystemUser = true;
@ -369,77 +380,84 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# group = "nextcloud"; # group = "nextcloud";
# }; # };
} }
# { {
# # plausible # plausible
# users.users.plausible = { # ensureDatabases = ["plausible"];
# isSystemUser = true; # ensureUsers = [
# createHome = false; # {
# group = "plausible"; # name = "plausible";
# }; # ensureDBOwnership = true;
# users.extraGroups = { # }
# "plausible" = {}; # ];
# }; # users.users.plausible = {
# services.plausible = { # isSystemUser = true;
# # TODO: enable # createHome = false;
# enable = true; # group = "plausible";
# database = { # };
# clickhouse.setup = true; # users.extraGroups = {
# postgres = { # "plausible" = {};
# setup = false; # };
# dbname = "plausible"; # services.plausible = {
# }; # # TODO: enable
# }; # enable = true;
# server = { # database = {
# baseUrl = "https://a.lyte.dev"; # clickhouse.setup = true;
# disableRegistration = true; # postgres = {
# port = 8899; # setup = false;
# secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path; # dbname = "plausible";
# }; # };
# adminUser = { # };
# activate = false; # server = {
# email = "daniel@lyte.dev"; # baseUrl = "https://a.lyte.dev";
# passwordFile = config.sops.secrets.plausible-admin-password.path; # disableRegistration = true;
# }; # port = 8899;
# }; # secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
# systemd.services.plausible = let # };
# cfg = config.services.plausible; # adminUser = {
# in { # activate = false;
# serviceConfig.User = "plausible"; # email = "daniel@lyte.dev";
# serviceConfig.Group = "plausible"; # passwordFile = config.sops.secrets.plausible-admin-password.path;
# # since createdb is not gated behind postgres.setup, this breaks # };
# script = lib.mkForce '' # };
# # Elixir does not start up if `RELEASE_COOKIE` is not set, # systemd.services.plausible = let
# # even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused. # cfg = config.services.plausible;
# # Thus, make a random one, which should then be ignored. # in {
# export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20) # serviceConfig.User = "plausible";
# export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )" # serviceConfig.Group = "plausible";
# export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )" # # since createdb is not gated behind postgres.setup, this breaks
# script = lib.mkForce ''
# # Elixir does not start up if `RELEASE_COOKIE` is not set,
# # even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
# # Thus, make a random one, which should then be ignored.
# export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
# export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
# export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
# ${lib.optionalString (cfg.mail.smtp.passwordFile != null) # ${lib.optionalString (cfg.mail.smtp.passwordFile != null)
# ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''} # ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
# # setup # # setup
# ${ # ${
# if cfg.database.postgres.setup # if cfg.database.postgres.setup
# then "${cfg.package}/createdb.sh" # then "${cfg.package}/createdb.sh"
# else "" # else ""
# } # }
# ${cfg.package}/migrate.sh # ${cfg.package}/migrate.sh
# export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb # export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
# ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))" # ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
# ${lib.optionalString cfg.adminUser.activate '' # ${lib.optionalString cfg.adminUser.activate ''
# psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';" # psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';"
# ''} # ''}
# exec plausible start # exec plausible start
# ''; # '';
# }; # };
# services.caddy.virtualHosts."a.lyte.dev" = { # services.caddy.virtualHosts."a.lyte.dev" = {
# extraConfig = '' # extraConfig = ''
# reverse_proxy :${toString config.services.plausible.server.port} # reverse_proxy :${toString config.services.plausible.server.port}
# ''; # '';
# }; # };
# } }
# { # {
# # clickhouse # # clickhouse
# environment.etc = { # environment.etc = {
@ -562,46 +580,31 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# }; # };
} }
{ {
systemd.tmpfiles.settings = {
"10-backups" = {
"/storage/postgres" = {
"d" = {
mode = "0770";
user = "postgres";
group = "postgres";
};
};
};
};
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [
"daniel"
"plausible"
"nextcloud"
"atuin"
];
ensureUsers = [
{
name = "daniel";
ensureDBOwnership = true;
}
{
name = "plausible";
ensureDBOwnership = true;
}
{
name = "nextcloud";
ensureDBOwnership = true;
}
{
name = "atuin";
ensureDBOwnership = true;
}
];
dataDir = "/storage/postgres"; dataDir = "/storage/postgres";
enableTCPIP = true; enableTCPIP = true;
package = pkgs.postgresql_15; package = pkgs.postgresql_15;
# https://www.postgresql.org/docs/current/auth-pg-hba-conf.html # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
# TODO: enable the "daniel" user to access all databases
authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
#type database user auth-method auth-options #type database user auth-method auth-options
local all postgres peer map=superuser_map local all postgres peer map=superuser_map
local all daniel peer map=superuser_map local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map local sameuser all peer map=superuser_map
# local plausible plausible peer
# local nextcloud nextcloud peer
# local atuin atuin peer
# lan ipv4 # lan ipv4
host all daniel 192.168.0.0/16 trust host all daniel 192.168.0.0/16 trust
@ -927,19 +930,28 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# }; # };
# }; # };
# } # }
# { {
# services.atuin = { services.postgresql = {
# enable = true; ensureDatabases = ["atuin"];
# database = { ensureUsers = [
# createLocally = true; {
# # uri = "postgresql://atuin@localhost:5432/atuin"; name = "atuin";
# }; ensureDBOwnership = true;
# openRegistration = false; }
# }; ];
# services.caddy.virtualHosts."atuin.h.lyte.dev" = { };
# extraConfig = ''reverse_proxy :${toString config.services.atuin.port}''; services.atuin = {
# }; enable = true;
# } database = {
createLocally = false;
uri = "postgresql://atuin@localhost:5432/atuin";
};
openRegistration = false;
};
services.caddy.virtualHosts."atuin.h.lyte.dev" = {
extraConfig = ''reverse_proxy :${toString config.services.atuin.port}'';
};
}
# { # {
# # jland minecraft server # # jland minecraft server
# users.groups.jland = { # users.groups.jland = {
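Review bot: The new `services.atuin.database.uri` in the last hunk, `postgresql://atuin@localhost:5432/atuin`, connects over TCP with no credential, so it only works if `pg_hba.conf` has a loopback `host` rule that admits `atuin` without a password; the part of the `authentication` block visible here has only `local … peer` rules and `host all daniel 192.168.0.0/16 trust`, and the rest of the block is outside the diff. If that loopback rule is `trust`, any local process can open the atuin database as `atuin`. I would connect over the Unix socket so that peer authentication applies, e.g. `uri = "postgresql:///atuin?host=/run/postgresql";`, and turn the commented `# local atuin atuin peer` line into a real rule if `sameuser` with `superuser_map` does not already cover the service user. Separately, the tmpfiles rule that appears to be added in the third hunk sets `/storage/postgres` to `mode = "0770"`, but PostgreSQL only accepts 0700 or 0750 on its data directory, so `mode = "0700";` is the safer value.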